While Trend Micro has informed Facebook of these findings, users should still exercise caution when entering login credentials. The messages appear as notifications in a target user’s legitimate Facebook profile.Īfter entering the credentials, users would then be redirected to Facebook itself. (These were the Posts and Stream applications.) They were used for a phishing attack that sent users to a known phishing domain, with a page claiming that users need to enter their login credentials to use the application. However, that’s not quite the case, as we’ve seen before.Įarlier this week, however, Trend Micro researcher Rik Ferguson found at least two-if not more-malicious applications on Facebook. It would be easy to think that once someone has logged in successfully to Facebook-and not a phishing site-that the security threat is largely gone.
